[ OK ] Reached target Timers.
Starting Permit User Sessions...
Starting getty on tty2-tty6 if dbus and logind are not available...
Starting OpenBSD Secure Shell server...
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ 52.675129][ T6489] sshd (6489) used greatest stack depth: 23304 bytes left
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 69.363928][ T28] audit: type=1400 audit(1593341776.966:8): avc: denied { execmem } for pid=6807 comm="syz-executor388" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 69.411122][ T6808] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[ 69.427413][ T28] audit: type=1804 audit(1593341777.036:9): pid=6809 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor388" name="/root/bus/file0" dev="overlay" ino=15706 res=1
[ 69.436641][ T6810]
[ 69.451805][ T6810] ======================================================
[ 69.458798][ T6810] WARNING: possible circular locking dependency detected
[ 69.465909][ T6810] 5.8.0-rc2-syzkaller #0 Not tainted
[ 69.471169][ T6810] ------------------------------------------------------
[ 69.478179][ T6810] syz-executor388/6810 is trying to acquire lock:
[ 69.484580][ T6810] ffff88809f4b12c0 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x363/0x1760
[ 69.494069][ T6810]
[ 69.494069][ T6810] but task is already holding lock:
[ 69.501418][ T6810] ffff888214b78450 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0
[ 69.510095][ T6810]
[ 69.510095][ T6810] which lock already depends on the new lock.
[ 69.510095][ T6810]
[ 69.520699][ T6810]
[ 69.520699][ T6810] the existing dependency chain (in reverse order) is:
[ 69.529706][ T6810]
[ 69.529706][ T6810] -> #1 (sb_writers#4){.+.+}-{0:0}:
[ 69.537069][ T6810]        __sb_start_write+0x234/0x470
[ 69.542418][ T6810]        mnt_want_write+0x3a/0xb0
[ 69.547516][ T6810]        ovl_maybe_copy_up+0x11f/0x190
[ 69.552956][ T6810]        ovl_open+0xba/0x270
[ 69.557521][ T6810]        do_dentry_open+0x501/0x1290
[ 69.562777][ T6810]        dentry_open+0x132/0x1d0
[ 69.567813][ T6810]        ima_calc_file_hash+0x32b/0x570
[ 69.573331][ T6810]        ima_collect_measurement+0x4ca/0x570
[ 69.579284][ T6810]        process_measurement+0xca6/0x1760
[ 69.585002][ T6810]        ima_file_check+0xb9/0x100
[ 69.590085][ T6810]        path_openat+0x156c/0x2750
[ 69.595251][ T6810]        do_filp_open+0x17e/0x3c0
[ 69.600245][ T6810]        do_sys_openat2+0x16f/0x3b0
[ 69.605412][ T6810]        __x64_sys_open+0x119/0x1c0
[ 69.610581][ T6810]        do_syscall_64+0x60/0xe0
[ 69.615491][ T6810]        entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.621868][ T6810]
[ 69.621868][ T6810] -> #0 (&iint->mutex){+.+.}-{3:3}:
[ 69.629214][ T6810]        __lock_acquire+0x2acb/0x56e0
[ 69.634553][ T6810]        lock_acquire+0x1f1/0xad0
[ 69.639561][ T6810]        __mutex_lock+0x134/0x10d0
[ 69.644642][ T6810]        process_measurement+0x363/0x1760
[ 69.650337][ T6810]        ima_file_check+0xb9/0x100
[ 69.655433][ T6810]        path_openat+0x156c/0x2750
[ 69.660521][ T6810]        do_filp_open+0x17e/0x3c0
[ 69.665620][ T6810]        do_sys_openat2+0x16f/0x3b0
[ 69.670794][ T6810]        __x64_sys_openat+0x13f/0x1f0
[ 69.676139][ T6810]        do_syscall_64+0x60/0xe0
[ 69.681068][ T6810]        entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.687447][ T6810]
[ 69.687447][ T6810] other info that might help us debug this:
[ 69.687447][ T6810]
[ 69.697650][ T6810]  Possible unsafe locking scenario:
[ 69.697650][ T6810]
[ 69.705093][ T6810]        CPU0                    CPU1
[ 69.710428][ T6810]        ----                    ----
[ 69.715764][ T6810]   lock(sb_writers#4);
[ 69.719888][ T6810]                                lock(&iint->mutex);
[ 69.726541][ T6810]                                lock(sb_writers#4);
[ 69.733182][ T6810]   lock(&iint->mutex);
[ 69.737319][ T6810]
[ 69.737319][ T6810]  *** DEADLOCK ***
[ 69.737319][ T6810]
[ 69.745446][ T6810] 1 lock held by syz-executor388/6810:
[ 69.750883][ T6810]  #0: ffff888214b78450 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0
[ 69.759985][ T6810]
[ 69.759985][ T6810] stack backtrace:
[ 69.765849][ T6810] CPU: 0 PID: 6810 Comm: syz-executor388 Not tainted 5.8.0-rc2-syzkaller #0
[ 69.774488][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.784512][ T6810] Call Trace:
[ 69.787798][ T6810]  dump_stack+0x18f/0x20d
[ 69.792101][ T6810]  check_noncircular+0x324/0x3e0
[ 69.797008][ T6810]  ? print_circular_bug+0x3a0/0x3a0
[ 69.802175][ T6810]  ? lock_downgrade+0x820/0x820
[ 69.806998][ T6810]  ? lock_repin_lock+0x450/0x450
[ 69.811904][ T6810]  ? mark_lock+0xbc/0x1710
[ 69.816305][ T6810]  __lock_acquire+0x2acb/0x56e0
[ 69.821130][ T6810]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 69.827084][ T6810]  ? mark_lock+0xbc/0x1710
[ 69.831474][ T6810]  lock_acquire+0x1f1/0xad0
[ 69.836051][ T6810]  ? process_measurement+0x363/0x1760
[ 69.841394][ T6810]  ? lock_release+0x8d0/0x8d0
[ 69.846042][ T6810]  __mutex_lock+0x134/0x10d0
[ 69.850624][ T6810]  ? process_measurement+0x363/0x1760
[ 69.855966][ T6810]  ? lock_downgrade+0x820/0x820
[ 69.860787][ T6810]  ? process_measurement+0x363/0x1760
[ 69.866130][ T6810]  ? mutex_lock_io_nested+0xf60/0xf60
[ 69.871484][ T6810]  ? up_write+0x191/0x560
[ 69.876045][ T6810]  ? downgrade_write+0x3a0/0x3a0
[ 69.880961][ T6810]  ? do_raw_read_unlock+0x3b/0x70
[ 69.885957][ T6810]  ? _raw_read_unlock+0x24/0x40
[ 69.890790][ T6810]  ? integrity_iint_find+0x123/0x150
[ 69.896046][ T6810]  process_measurement+0x363/0x1760
[ 69.901217][ T6810]  ? __lock_acquire+0xc1e/0x56e0
[ 69.906126][ T6810]  ? mmap_violation_check+0x1e0/0x1e0
[ 69.911483][ T6810]  ? rwlock_bug.part.0+0x90/0x90
[ 69.916392][ T6810]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 69.922355][ T6810]  ? dquot_initialize_needed+0x290/0x290
[ 69.927957][ T6810]  ? find_held_lock+0x2d/0x110
[ 69.932695][ T6810]  ? selinux_task_getsecid+0x167/0x2c0
[ 69.938130][ T6810]  ? lock_downgrade+0x820/0x820
[ 69.942952][ T6810]  ? ext4_dio_write_end_io+0x100/0x100
[ 69.948386][ T6810]  ? check_preemption_disabled+0x38/0x220
[ 69.954081][ T6810]  ? selinux_task_getsecid+0x189/0x2c0
[ 69.959511][ T6810]  ima_file_check+0xb9/0x100
[ 69.964075][ T6810]  ? process_measurement+0x1760/0x1760
[ 69.969506][ T6810]  path_openat+0x156c/0x2750
[ 69.974069][ T6810]  ? path_lookupat+0x830/0x830
[ 69.978806][ T6810]  ? cache_grow_end+0x46/0x170
[ 69.983541][ T6810]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 69.989518][ T6810]  do_filp_open+0x17e/0x3c0
[ 69.993992][ T6810]  ? may_open_dev+0xf0/0xf0
[ 69.998487][ T6810]  ? do_raw_spin_lock+0x120/0x2b0
[ 70.003498][ T6810]  ? _raw_spin_unlock+0x24/0x40
[ 70.008322][ T6810]  ? __alloc_fd+0x28d/0x600
[ 70.012812][ T6810]  do_sys_openat2+0x16f/0x3b0
[ 70.017460][ T6810]  ? finish_task_switch+0x147/0x750
[ 70.022628][ T6810]  ? build_open_flags+0x650/0x650
[ 70.027629][ T6810]  ? lock_acquire+0x1f1/0xad0
[ 70.032288][ T6810]  ? find_held_lock+0x2d/0x110
[ 70.037024][ T6810]  __x64_sys_openat+0x13f/0x1f0
[ 70.043061][ T6810]  ? __ia32_sys_open+0x1c0/0x1c0
[ 70.047981][ T6810]  ? do_syscall_64+0x1c/0xe0
[ 70.052546][ T6810]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 70.058497][ T6810]  do_syscall_64+0x60/0xe0
[ 70.062883][ T6810]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.071608][ T6810] RIP: 0033:0x445a99
[ 70.075468][ T6810] Code: Bad RIP value.
[ 70.079503][ T6810] RSP: 002b:00007f1417523db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 70.087882][ T6810] RAX: ffffffffffffffda RBX: 00000000006dac48 RCX: 0000000000445a99
[ 70.095824][ T6810] RDX: 000000000000275a RSI: 00000000200001c0 RDI: 00000000ffffff9c
[ 70.103852][ T6810] RBP: 00000000006dac40 R08: 00007f1417524700 R09: 0000000000000000
[ 70.111803][ T6810] R10: 0